As we are having the following problem in the office (small company without an IT person) I was wondering if it is possible to find out when someone last logged on to their PC.
System details
Email: Exchange server (externally hosted)
PC OS: XP
Productivity SW: Office 2007
Issue
Someone is logging on to a PC and looking through the mail archive saved to the local drive of the PC. They then change the time and date of the PC (using the tool that you get to by double clicking on the time at the bottom right of the screen) and send email that the PC's user has previously received or sent (mostly personal, but some business email as well). Because the PC is not logged on to Exchange these emails only wind up in the out box to be sent, rather than being sent immediately. They do however, wind up with a date and time stamp that reflects the changes that the person made. E.g. Even though they access the PC on Sat at 3pm, they change the dates to Monday at 9am and this is what is recorded on the emails in the out box.
What happens next is that when the user of the PC next logs on to Exchange the emails in the out tray get sent without them noticing it. Because the person doing this changes the date and time to the time that the user will next be in the office it looks as though the user is sending these emails.
We figure that if we can check when the PC has previously been used we may get a better idea of who is doing this.
Any ideas would be great.
Kind thanks

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy

Processing your response...

Discuss This Question: 2 &nbspReplies

There was an error processing your information. Please try again later.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy

Are you in a domain or workgroup? Is the computer running XP Home or XP Pro? Do you have password requirement to logon to your computers? If you are looking to find this information now, and did not have logging enabled, I don't think you will be able to determine who was logged on. However, you have not provided the necessary information to make this determination. Let us know more details and I can give you a better answer.

First thing, have the user change their password to a strong password and make sure they do not write it down.
Do you have security logging enabled on the system? If not, enable logging adding successful and failed logins to tracked events. This will let you know what IDs logged on when and who is messing with the system.
Does everyone have local admin on systems? If so, then it they are bent on malicious activity, it will be hard to catch them. Restrict local admin access on the system in question and change the local administrator password.
If you want, restrict access to the PST file so that only the proper user has access to the file. Once again, admin rights trumps all.
If you are in an AD domain, ensure that successful and failed logins are tracked. This is tracked on the domain controller that the system connected to during login. That means you have to check the log of each domain controller.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy

Processing your reply...

Ask a Question

Free Guide: Managing storage for virtual environments

Complete a brief survey to get a complimentary 70-page whitepaper featuring the best methods and solutions for your virtual environment, as well as hypervisor-specific management advice from TechTarget experts. Don’t miss out on this exclusive content!

Share this item with your network:

To follow this tag...

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States.
Privacy